Apple accidentally unpatched a vulnerability first patched in iOS 12.3, and researchers used it to create an iOS 12.4 jailbreak.
Paige Thompson, the Capital One hacker, possibly hacked 30 other companies, new court documents revealed. Victims aren’t yet known.
Security researcher “MG” presented some special Lightning cables at Def Con 2019 that can hack your computer.
Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:
Documented in a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that hasn’t been fixed four years after it was discovered…
They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.
Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.
In the latest issue of PCMag, Max Eddy writes that you shouldn’t give money to ransomware attackers when they ask.
First, most cyberattacks—including ransomware—don’t last long. The command and control servers that issue the unlock commands and receive payment can be found and taken offline…In either case, anyone who has been infected and not paid the ransom can no longer get their system unlocked, even if they pay.
This is why keeping several backups is important, one online, one offline. And keep your operating system up to date with the latest security patches and improvements.
This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.
Trending security news today shows that iPhone Bluetooth can reveal some personal information like phone numbers.
The Capital One data breach might not have been limited to the bank. Other companies could’ve been affected too, according to Slack messages from the hacker Paige Thompson.
Reports from Forbes and security reporter Brian Krebs indicate that Capital One may not have been the only company affected, pointing to “one of the world’s biggest telecom providers, an Ohio government body, and a major U.S. university,” according to Slack messages sent by the alleged hacker.
Krebs posted a screenshot of a list of files purportedly stolen by the alleged hacker. The stolen data contained filenames including car maker “Ford” and Italian financial services company “Unicredit.”
A Capital One hack was recently discovered, affecting over 100 million people. Here’s what we know, and what you can do to stay protected.
On July 19 Capital One found it had gotten hacked. The FBI arrested the hacker but 100 million U.S. customers are affected.
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
What angers me the most about this is the fact that I had to read the news to learn what happened. As a Capital One customer I feel I should’ve been notified by email. Customers affected by this will get an email but I want a notification email as well. Maybe I’ll get five bucks like those affected by Equifax.
Israel-based NSO Group claims it can harvest iCloud data in targeted attacks. It’s said to be a version of the Pegasus spyware.
Attackers using the malware are said to be able to access a wealth of private information, including the full history of a target’s location data and archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration.
When questioned by the newspaper, NSO denied promoting hacking or mass-surveillance tools for cloud services, but didn’t specifically deny that it had developed the capability described in the documents.
Hackers, thieves, and independent repair companies can find ways to break into iCloud-locked iPhones.
The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices…Making matters more complicated is the fact that not all iCloud-locked phones are stolen devices—some of them are phones that are returned to telecom companies as part of phone upgrade and insurance programs.
TL;DR: Phishing, mugging, and social engineering are methods. You can even remove the CPU and reprogram it by stealing an unused IMEI.
In a new blog post, ProtonVPN announced it will fully encrypt its exit servers to help stop man-in-the-middle (MITM) attacks.
Popular workplace app Slack is preparing to go public, and it warns investors it may become a target of nation state hacking.
Companies that are preparing to go public—such as Uber, Lyft, Pinterest, Snapchat, and PagerDuty—all have sections in their S-1 registrations that address the threat of “unauthorized access” to their software, systems, and technologies. However, none of these companies explicitly referred to “organized crime” or “nation-states,” as Slack did in its S-1 filing.
Ms. Haskins also reminds us that Slack doesn’t have end-to-end encryption, and in some cases your boss can download and read your entire Slack history without you knowing.
Roughly 500 million iOS users have been affected by a cyberattack that takes advantage of an iOS Chrome bug.
The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.
Another research firm says this attack can also affect Safari users. Be careful this weekend.
This morning The Weather Channel was knocked off the air after a malicious software attack, and federal law enforcement are investigating.
Infamous Wikileaks founder Julian Assange was arrested recently after hiding at the Ecuadorian embassy in London for seven years.
Two high school students in New Jersey successfully jammed their school’s Wi-Fi network in order to avoid taking exams.
Secaucus Schools Superintendent Jennifer Montesano says the school’s Wi-Fi network has been restored and is now fully operational. But she declined further comment. Since much of the school’s curriculum is internet-based, the lack of Wi-Fi connection disrupted the students’ daily assignments.
As Redditor u/AdvancedAdvance quipped: “Although their slowing down the network to unusable speeds will land them in a lot of trouble at school, they can now expect to get full-time, high-paying job offers from AT&T and Verizon.”
Gavin de Becker, Jeff Bezos’ security consultant, is accusing the Saudis of hacking into Mr. Bezos’ phone in order to harm him.
Kwamaine Jerell Ford has pleaded guilty to hacking celebrity Apple accounts and using them to go on a ‘spending spree’.
Beto O’Rourke is a Democratic candidate for the 2020 presidential race. In a recent interview he revealed he was part of the Cult of the Dead Cow, the oldest hacking group in the U.S.
The hugely influential Cult of the Dead Cow, jokingly named after an abandoned Texas slaughterhouse, is notorious for releasing tools that allowed ordinary people to hack computers running Microsoft’s Windows. It’s also known for inventing the word “hacktivism” to describe human-rights-driven security work.